Automatic merge from submit-queue (batch tested with PRs 47204, 46808, 47432, 47400, 47099)
Remove broken getvolumename and pass PV or volume name to attach call
Cherry-picking https://github.com/kubernetes/kubernetes/pull/46249 to master
What this PR does / why we need it:
Flex getvolumename is broken in 1.6. It needs to be fixed comprehensively in 1.7 release. Removing the api in 1.6. Also pass PV or volume name to the driver during attach call. Detach uses PV or volume name, so plugin can use that information to map to PV.
Which issue this PR fixes (optional, in fixes #(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #
Fixes - #44737
Automatic merge from submit-queue (batch tested with PRs 47204, 46808, 47432, 47400, 47099)
Make the generic webhook admission controller use the dynamic webhook config manager
Based on #46672 and #46388.
Only the last commit is unique.
* removed `SetWebhookSource` from the PluginInitializer
* implemented `SetExternalClientset` for the generic webhook admisson controller, initializing an ExternalWebhookConfigurationManager in the method.
Automatic merge from submit-queue (batch tested with PRs 47204, 46808, 47432, 47400, 47099)
Make kubectl apply add change-cause before patching
**What this PR does / why we need it**: We shouldn't patch the project with applied change, and then patch again with the change cause. Otherwise, DaemonSet change cause wouldn't be copied to its history (after the first patch, history will be created with the old change cause).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47210
**Special notes for your reviewer**:
/assign @mengqiy
@kubernetes/sig-apps-bugs @kubernetes/sig-cli-maintainers
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Do not add unique label to DaemonSet
**What this PR does / why we need it**:
It's mainly for #46925. DaemonSet controller adds a unique label to DaemonSet, which is unexpected to federation.
The 1st commit addressed #46981 to construct history once and pass it around, so that we can avoid adding that unique label in DaemonSet in the 2nd commit. ~The 3rd commit just reverts the band-aid PR #47103.~
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46925, xref #46981
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47470, 47260, 47411, 46852, 46135)
Lookup --no-headers flag safely in PrinterForCommand function
If this was invoked by a command that did not call AddPrinterFlags first, it ended up with fatal error on `GetFlagBool(cmd, "no-headers")`. This is causing a bug in OpenShift's command reusing this code and not actually having a flag `--no-headers`.
Automatic merge from submit-queue
AWS: Process disk attachments even with duplicate NodeNames
Fix#47404
```release-note
AWS: Process disk attachments even with duplicate NodeNames
```
Automatic merge from submit-queue (batch tested with PRs 47073, 47457, 47479)
PodSecurityPolicy should respect and validate user-supplied RunAsNonR…
**What this PR does / why we need it**: PodSecurityPolicies overwrite and then fail to validate the RunAsNonRoot field in the container security context.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47071
**Special notes for your reviewer**: gce/gke don't use this in 1.6. You'll need to speak up if you think this is important enough to patch. It should almost certainly go into 1.7.
**Release note**:
```release-note
PodSecurityPolicy now recognizes pods that specify `runAsNonRoot: false` in their security context and does not overwrite the specified value
```
Automatic merge from submit-queue (batch tested with PRs 47302, 47389, 47402, 47468, 47459)
[GCE] Fix ILB sharing and GC
Fixes#47092
- Users must opt-in for sharing backend services (alpha feature - may be removed in future release)
- Shared backend services use a hash for determining similarity via settings (so far, only sessionaffinity) (again, this may be removed)
- Move resource cleanup to after the ILB setup.
/assign @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47084, 46016, 46372)
Warn, instead of failing, if 'modprobe rbd' fails
Modprobe is a kernel operation that should only be done once to load the
RBD module. The admin could've done this on the Kubernetes nodes. The
RBD plugin can still try to load the module but it shouldnt fail the
workflow if it doesnt succeed.
Partially addresses #45190
Automatic merge from submit-queue (batch tested with PRs 47084, 46016, 46372)
Update adoption/release of DaemonSet controller history, and wait for history store sync
**What this PR does / why we need it**:
~Depends on #47075, so that DaemonSet controller can update history's controller ref. Ignore that commit when reviewing.~ (merged)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: #46981
**Special notes for your reviewer**: @kubernetes/sig-apps-bugs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46441, 43987, 46921, 46823, 47276)
Remove PartitionStatefulSetStrategyType
This PR removes PartitionStatefulSetStrategyType add adds a parameter to RollingUpdateStatefulSetStrategyType as described in the issue below. We need this PR to ensure that the StatefulSet API conforms to the existing API for DaemonSet.
fixes#46975
```release-note
NONE
```
@kargakis
@smarterclayton
@janetkuo
Automatic merge from submit-queue (batch tested with PRs 46441, 43987, 46921, 46823, 47276)
kubelet/network: report but tolerate errors returned from GetNetNS() v2
Runtimes should never return "" and nil errors, since network plugin
drivers need to treat netns differently in different cases. So return
errors when we can't get the netns, and fix up the plugins to do the
right thing.
Namely, we don't need a NetNS on pod network teardown. We do need
a netns for pod Status checks and for network setup.
V2: don't return errors from getIP(), since they will block pod status :( Just log them. But even so, this still fixes the original problem by ensuring we don't log errors when the network isn't ready.
@freehan @yujuhong
Fixes: https://github.com/kubernetes/kubernetes/issues/42735
Fixes: https://github.com/kubernetes/kubernetes/issues/44307
Automatic merge from submit-queue (batch tested with PRs 46929, 47391, 47399, 47428, 47274)
Don't provision for PVCs with AccessModes unsupported by plugin
Fail early in case the user actually expects e.g. RWM from AWS when in reality that isn't possible.
@eparis @gnufied
edit: this needs release note because it's a breaking bugfix; will write one.
https://github.com/kubernetes/kubernetes/issues/46540
```release-note
Fix dynamic provisioning of PVs with inaccurate AccessModes by refusing to provision when PVCs ask for AccessModes that can't be satisfied by the PVs' underlying volume plugin
```
Automatic merge from submit-queue (batch tested with PRs 46929, 47391, 47399, 47428, 47274)
AWS: Richer log message when metadata fails
Not a resolution, but should at least help determine the issue.
Issue #41904
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47075, 46342)
Remove hardcode for blocksize, use stat(), fixes test failure on SLES
**What this PR does / why we need it**:
Removes hardcoding for blocksize, fixes test failure on SLES
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#44022
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Change what is stored in DaemonSet history `.data`
**What this PR does / why we need it**:
In DaemonSet history `.data`, store a strategic merge patch that can be applied to restore a DaemonSet. Only PodSpecTemplate is saved.
This will become consistent with the data stored in StatefulSet history.
Before this fix, a serialized pod template is stored in `.data`; however, seriazlized pod template isn't a `runtime.RawExtension`, and caused problems when controllers try to patch the history's controller ref.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47008
**Special notes for your reviewer**: @kubernetes/sig-apps-bugs @erictune @kow3ns @kargakis @lukaszo @mengqiy
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47000, 47188, 47094, 47323, 47124)
fix sync loop health check
This PR will do error logging about the fall behind sync for kubelet instead of sync loop healthz checking.
The reason is kubelet can not do sync loop and therefore can not update sync loop time when there is any runtime error, such as docker hung.
When there is any runtime error, according to current implementation, kubelet will not do sync operation and thus kubelet's sync loop time will not be updated. This will make when there is any runtime error, kubelet will also return non 200 response status code when accessing healthz endpoint. This is contrary with #37865 which prevents kubelet from being killed when docker hangs.
**Release note**:
```release-note
fix sync loop health check with seperating runtime errors
```
/cc @yujuhong @Random-Liu @dchen1107
Automatic merge from submit-queue (batch tested with PRs 47000, 47188, 47094, 47323, 47124)
GC should retry on patch error
Fixing https://github.com/kubernetes/kubernetes/issues/46998.
This is fixing a bug, so applying the 1.7 milestone.
Automatic merge from submit-queue
Fix missing __kubectl_parse_config
**What this PR does / why we need it**:
This PR fixes the broken completion of kubectl config use-context. I checked that the completions of kubectl config use-context, --user and --cluster work correctly.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29386
**Special notes for your reviewer**: @pwittrock @janetkuo
**Release note**:
```release-note
NONE
```
GenericPLEG's 1s relist() loop races against pod network setup. It
may be called after the infra container has started but before
network setup is done, since PLEG and the runtime's SyncPod() run
in different goroutines.
Track network setup status and don't bother trying to read the pod's
IP address if networking is not yet ready.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1434950
Mar 22 12:18:17 ip-172-31-43-89 atomic-openshift-node: E0322
12:18:17.651013 25624 docker_manager.go:378] NetworkPlugin
cni failed on the status hook for pod 'pausepods22' - Unexpected
command output Device "eth0" does not exist.
Runtimes should never return "" and nil errors, since network plugin
drivers need to treat netns differently in different cases. So return
errors when we can't get the netns, and fix up the plugins to do the
right thing.
Namely, we don't need a NetNS on pod network teardown. We do need
a netns for pod Status checks and for network setup.
This reverts commit fee4c9a7d9.
This is not the correct fix for the problem; and it causes other problems
like continuous:
docker_sandbox.go:234] NetworkPlugin cni failed on the status hook for pod
"someotherdc-1-deploy_default": Unexpected command output nsenter: cannot
open : No such file or directory with error: exit status 1
Because GetNetNS() is returning an empty network namespace. That is
not helpful nor should really be allowed; that's what the error return
from GetNetNS() is for.
Cao Shufeng